Windows Forms and Web Forms Recommendations
When designing applications that involve a user interface, you have two choices: Windows Forms and Web Forms. Both have full design-time support within the development environment and can provide a rich user interface and advanced application functionality to solve business problems. How, then, to decide which technology is appropriate for a given application?
Certain application considerations might make the choice obvious: For example, if you are creating an e-commerce Web site that will be accessible to the public over the Internet, then of course you would develop the application using Web Forms pages. If you are building a processing-intensive, highly responsive application that needs to take advantage of the full functionality of the client machine — such as an office productivity application — of course you would use Windows Forms. However, in other cases the choice might not be so clear.
In the sections that follow, you can find information about the features and characteristics of each type of technology that will help you determine which is most suited to your application.
Windows Forms are used to develop applications where the client is expected to shoulder a significant amount of the processing burden in an application. These include classic Win32 desktop applications, the kinds that were traditionally developed in previous versions of Visual Basic and Visual C++. Examples include drawing or graphics applications, data-entry systems, point-of-sale systems, and games.
A common feature these applications share is that they rely on the power of the desktop computer for processing and high-performance content display. Some Windows Forms applications might be entirely self-contained and perform all application processing on the user's computer. Games are often written this way. Others might be part of a larger system and use the desktop computer primarily for processing user input. For example, a point-of-sale system often requires a responsive, sophisticated user interface that is created on the desktop computer, but is linked to other components that perform back-end processing.
Because a Windows application that uses Windows Forms is built around a Windows framework, it has access to system resources on the client computer, including local files, the Windows registry, the printer, and so on. This level of access can be restricted to eliminate any security risks or potential problems that arise from unwanted access. Additionally, Windows Forms can take advantage of the .NET GDI+ graphics classes to create a graphically rich interface, which is often a requirement for data-mining or game applications.
ASP.NET Web Forms are used to create applications in which the primary user interface is a browser. Naturally, this includes applications intended to be available publicly via the World Wide Web, such as e-commerce applications. But Web Forms are useful for more than just creating Web sites — many other applications lend themselves to a "thin front end" as well, such as an intranet-based employee handbook or benefits application. An important feature is that there is no distribution cost, since users already have installed the only piece of the application that they need— the browser.
Web Forms applications are, by definition, platform-independent — that is, they are "reach" applications. Users can interact with your application regardless of what type of browser they have and even what type of computer they are using. At the same time, Web Forms applications can be optimized to take advantage of features built into the most recent browsers such as Microsoft Internet Explorer 5 to enhance performance and responsiveness. (In many cases, this optimization is built into the Web Forms components you are using, which can automatically detect browser levels and render pages accordingly.)
Web Forms offer some features that are useful even in non-Web contexts. Because they rely on HTML, they are suitable for text-intensive applications of any sort, and especially those in which text formatting is important. Because browsers are usually limited in their access to a user's system resources, they are useful precisely in situations where you want to limit users' access to portions of your application.
Comparing Windows Forms and Web Forms
The following table provides a side-by-side comparison of different application criteria and how Windows Forms and Web Forms technologies address these criteria.
|Feature/Criterion||Windows Forms||Web Forms|
|Deployment||Windows Forms allow "no-touch" deployment, where applications can be downloaded, installed, and run directly on the users' machines without any alteration of the registry.||Web Forms have no client deployment; the client requires only a browser. The server must be running the Microsoft .NET Framework. Updates to the application are made by updating code on the server.|
|Graphics||Windows Forms include GDI+, which allows sophisticated graphics to be used for games and other extremely rich graphical environments.||Interactive or dynamic graphics require round trips to the server for updates when used on Web Forms. GDI+ can be used on the server to create custom graphics.|
|Responsiveness||Windows Forms can run entirely on the client computer; they can provide the quickest response speed for applications requiring a high degree of interactivity.||If you know that users will have Internet Explorer 5 or later, a Web Forms application can take advantage of the browser's dynamic HTML (DHTML) capabilities to create a rich, responsive user interface (UI). If users have other browsers, most processing (including UI-related tasks such as validation) requires a round trip to the Web server, which can affect responsiveness.|
|Form and text flow control||Windows Forms grid positioning gives you precise two-dimensional control (x and y coordinates) over the placement of controls.
To display text on Windows Forms requires that you insert it into controls (for example, the Label control, the Textbox control, or the RichTextBox control). Formatting is limited.
|Web Forms are based around HTML-style flow layout and therefore support all the features of Web page layout. They are particularly rich in text formatting support.
Control layout can be managed adequately (with some limitations, such as no overlapping controls). If the users have DHTML-capable browsers, you can specify much more precise layout with two-dimensional (x- and y-coordinate) layout.
|Platform||Windows Forms require the .NET Framework running on the client computer.||Web Forms require only a browser. DHTML-capable browsers can take advantage of extra features, but Web Forms can be designed to work with all browsers. The Web server must be running the .NET Framework.|
|Access to local resources (file system, Windows registry, and so forth)||Applications, when permitted, can have complete access to local computer resources. If required, the application can be restricted with precision from using specific resources.||Browser security prevents the application from accessing resources on the local computer.|
|Programming model||Windows Forms are based on a client-side, Win32 message-pump mode, where instances of components are created, used, and discarded by the developer.||Web Forms rely on a largely asynchronous, disconnected model, where components are loosely coupled to the application front end. Typically, application components are invoked via HTTP. This model may not be suitable for applications requiring extreme throughput from the user end or for those with high-volume transactions. Similarly, Web Forms applications may not be suitable for database applications that require high levels of concurrency control (for example, pessimistic locking).|
|Security||Windows Forms use granular permissions in its implementation of code access security to protect computer resources and sensitive information. This allows careful exposure of functionality, while retaining security. For instance the Printing Permission, which at one level would allow printing to the default printer only, at another level would allow printing to any printer.||Authorization to gain access to the resources of a web application is typically controlled on a per-URL basis by authenticating the credentials (for example, a name/password pair) of the requestor. Web Forms enable the ability to control the identity under which server application code is executed. Applications can execute code with the identity of the requesting entity, which is known as impersonation. Applications can also dynamically tailor content based on the requestor's identity or role. For example, a manager could receive access to a site, or a higher level of content than someone with lower permissions.|